Anchor Login: How can I verify the identity/signature on server?

BjornBlackBill · November 15, 2021, 12:39am

Can I verify and Anchor Login Signature with ecc.verify()?
If so, where do I find the data used to sign the login request?

From the Anchor documentation: “The identity returned from the process of signing in a user contains a lot of useful information about the user, including their account information, signing key, and the parameters used to sign the request itself.”

function login() {
    link.login(identifier).then((result) => {
       session = result.session;
       let signature = String(result.proof.signature);
       let publicKey = String(session.publicKey);
       let data = String(**result.?**);

       //Then I'll send parameters to server to run an identity check with ecc.verify
       if(ecc.verify(signature, data , publicKey) === true){
             //Identity is confirm on server and can return private data related to this account...      
       }
    })
 }

aaron · November 15, 2021, 9:32pm

If you’re using eosjs/ecc to try and do this, here’s a code sample in one of our demos from a while ago that shows the steps to do so. Hope these help!

github.com

greymass/anchor-link-demo-multipass/blob/92615393686e35fefb0c977b57b2124d05e8af8e/src/App.js#L53-L67


// Use the anchor-link login method with the chain id to establish a session
const identity = await this.link.login('anchor-link-demo-multipass', { chainId })
// (optional) pull values useful for identity proofs from the results of login 
const identityProofTransaction = identity.serializedTransaction
const identityProofSignature = identity.signatures[0]
const identityProofSignedWith = identity.signerKey
const identityProofBuffer = Buffer.concat([
  Buffer.from(chainId, 'hex'),
  Buffer.from(identityProofTransaction),
  Buffer.alloc(32),
])
// (optional) verify the user signature is valid to the identity being returned
const proofValid = ecc.verify(identityProofSignature, identityProofBuffer, identityProofSignedWith)
// (optional) Retrieve the public key used during the proof
const proofKey = ecc.recover(identityProofSignature, identityProofBuffer)

We recently rewrote it to use some of our new helper methods in eosio-core (an eosjs replacement) that does the same thing, which can be found here:

github.com

greymass/anchor-link-demo-multipass/blob/c68e3c864fae988fc4ba203fe749e7ec2e849d74/src/App.js#L72-L118


verifyProof = async (identity) => {
  // Generate an array of valid chain IDs from the demo configuration
  const chains = blockchains.map(chain => chain.chainId)

  // Create a proof helper based on the identity results from anchor-link
  const proof = IdentityProof.from(identity.proof)

  // Check to see if the chainId from the proof is valid for this demo
  const chain = chains.find(id => ChainId.from(id).equals(proof.chainId))
  if (!chain) {
      throw new Error('Unsupported chain supplied in identity proof')
  }

  // Load the account data from a blockchain API
  let account
  try {
    account = await this.link.client.v1.chain.get_account(proof.signer.actor)
  } catch (error) {
      if (error instanceof APIError && error.code === 0) {
          throw new Error('No such account', 401)

This file has been truncated. show original

BjornBlackBill · November 16, 2021, 4:30pm

Fantastic! Works like a charm. Thanks again.